Re: troubleshooting consumption of resources const...

fabiofabio · ‎2021-08-16

Hello,
in the last few weeks I have had an abnormal increase in resource consumption. I leave attached the screens of the consumption of ram (constantly increasing) and cpu. All this happened on the 30th of last month, when there was the scheduled log cleaning activity. In addition to the use of the cpu and ram, I noticed the increase in connections, it only increased by about 1 Mbps in the sync board towards the standby node. I asked for my assistance but they could not understand the problem. resource consumption has always remained stable and now it has gone up all of a sudden and it stays there ... the ram is going up very fast until it is saturated and the problems will start ... I have to understand the problem before that.
PS: the cpu in some graphics is very low because it averages all 12 cpus, when my license allows me to use only 4.
any suggestions?
thank you.

G_W_Albrecht · ‎2021-08-16

Did you reboot the unit in question already ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

PhoneBoy · ‎2021-08-16

What version/JHF level?
Also, please provide output of the Super Seven commands: https://community.checkpoint.com/t5/Scripts/S7PAC-Super-Seven-Performance-Assessment-Commands/m-p/40...

Timothy_Hall · ‎2021-08-17

Everything looks fine to me, your firewall is not paging or swapping due to a shortage of free memory as shown by top.

Looks like normal utilization of excess memory for buffering/caching that grows over time, but that memory can be freed instantly if it is needed for code execution which happened a few times and caused the sudden drop in memory utilization in your graph. After a reboot memory utilization will look much lower and slowly grow as it is utilized for buffering/caching; this is expected and welcome behavior as long as your firewall is not dipping into swap space.

As Phoneboy said we need to see Super Seven outputs, especially free -m.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

fabiofabio · ‎2021-08-17

i haven't tried to restart it yet, can it really fix my problem?
however I leave attached the output of the Super Seven commands script.
thanks for the support!

PhoneBoy · ‎2021-08-17

The fact you have a lot of drops on eth1 is concerning and could very well be the cause of increased CPU.
Where precisely does eth1 lead?

Also, the fact you have 12 cores but are licensed for 4 means you're not able to fully utilize your appliance.
Like @Timothy_Hall said, increasing memory utilization is not necessarily indicative of an issue.

Timothy_Hall · ‎2021-08-17

As Phoneboy observed there are some drops on eth1 and eth3 but they are well below 0.1% of total frames and not an immediate concern, your single SND core in the 1/3 split is also relatively idle compared your 3 firewall worker cores which are running around 60% utilization. Not a huge amount of headroom available there and I'd agree with Phoneboy that you may want to consider licensing 8 cores which would move you to a 2/6 split.

Your 27% F2F traffic percentage is a bit high but not ridiculous, please provide the output of enabled_blades which may explain some of that. Everything else looks fine to me...

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course

fabiofabio · ‎2021-08-18

[Expert@*******:0]# enabled_blades
fw vpn cvpn urlf appi ips identityServer SSL_INSPECT anti_bot mon vpn

I understand that I have few resources available but I ask you please to look again at the screen I am attaching, that sudden increase in resources It is something strange. It is not possible for an appliance to run for months and months with regular resource consumption, there is a definite pattern. and then suddenly, BOOM, from the 29th there is a SUBSTANTIVE increase in resources. it is anomalous, no doubt about it

G_W_Albrecht · ‎2021-08-18

I would suggest a reboot or failover - an uptime of more than a month is not good for a GW 8).

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Kaspars_Zibarts · ‎2021-08-18

@G_W_Albrecht not relevant to the topic of the tread, but I would disagree that you would need to restart GW every month, seems a bit excessive to me. Just for fun comment, back in the day we had a Nokia IP440 box with uptime over 3500 days! no memory issues... 🙂 SW in IPSO was top notch!

G_W_Albrecht · ‎2021-08-18

OK, i admit that current CP GAiA based GWs need only to be rebooted about once every quarter 😏

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Are you a member of CheckMates?

troubleshooting consumption of resources constantly increasing